Cyber Attak
The BBC, British Airways and several other firms were among the first major victims of this cyber attack.

In a joint advisory issued recently, the United Kingdom and international partners have raised concerns about the ongoing danger posed by the Lockbit ransomware operation. This notorious cybercriminal group has continued to unleash disruptive attacks against organisations worldwide, prompting a call to action to mitigate its impact.

The advisory reveals that Lockbit was the most prevalent ransomware variant deployed globally in 2022. Moreover, its activities have persisted throughout 2023, with incidents observed as recently as late May. In response to this alarming trend, the National Cyber Security Centre (NCSC), a division of GCHQ, collaborated with agencies from the United States, Australia, Canada, France, Germany and New Zealand to provide guidance aimed at reducing the likelihood and severity of future attacks.

Since January 2020, Lockbit affiliates have targeted organisations of all sizes across various critical infrastructure sectors, including financial services, food and agriculture, education and healthcare. These attacks employ a range of tactics and techniques, demonstrating the group's adaptability and persistence.

According to the NCSC's assessment, Lockbit was undoubtedly the most prevalent ransomware strain in the United Kingdom throughout 2022, and it remains the most substantial ransomware threat to UK organisations.

The joint advisory offers detailed technical insights into Lockbit's operations, outlining the common tools and techniques employed by its affiliates. Additionally, it provides essential mitigation advice for network defenders to safeguard their systems.

Paul Chichester, Director of Operations at the NCSC, emphasised the gravity of the ransomware threat and the impact of the Lockbit operation on businesses worldwide. Chichester underscored the necessity for organisations to comprehend the severe consequences of ransomware attacks, including operational disruption, financial loss and reputational damage.

Chichester stated: "This advisory, issued with our international partners, emphasises the importance of network defenders taking the recommended actions to establish effective protections against such attacks."

The advisory sheds light on the Lockbit operation's utilisation of a "Ransomware-as-a-Service" model, where cybercriminals sell access to their ransomware variant to unaffiliated affiliates and provide them with support to carry out attacks. Additionally, the document highlights the common tactic of double extortion, whereby ransomware actors encrypt a victim's system and exfiltrate sensitive information, threatening to release it publicly unless a ransom is paid.

To assist organisations in understanding, mitigating and responding to ransomware attacks, the NCSC's ransomware hub offers a range of guidance and advice. It is important to note that both the NCSC and law enforcement agencies firmly oppose endorsing, promoting, or encouraging the payment of ransoms.

The joint advisory was jointly issued by the NCSC, the United States Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the US Multi-State Information Sharing and Analysis Centre (MS-ISAC), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the National Cybersecurity Agency of France (ANSSI), Germany's Federal Office for Information Security (BSI) and New Zealand's Computer Emergency Response Team (CERT NZ) and National Cyber Security Centre (NCSC-NZ).

As the Lockbit ransomware operation continues to pose a significant threat, organisations must remain vigilant and implement robust cybersecurity measures to protect their critical systems and data.

Previously, the British cybersecurity agency had issued a warning to companies across the country after a software hack compromised the personal details of employees at prominent organisations.

The BBC, British Airways and several other firms were among the first major victims of this cyber attack, which exploited a critical vulnerability in a widely used file transfer software known as Moveit. The hacking group behind the breach, believed to be the Clop ransomware group based in Russia, has openly threatened on their dark website to expose stolen data, including sensitive personal information such as names and home addresses.

The National Cyber Security Centre (NCSC), in response to the incident, has emphasised the urgency for organisations to exercise heightened vigilance and take immediate action.

Read more